Group policy grayed out, firewall off

[MavMin]

My Group Policy Settings are the same. I don't care if I cannot get there but the Windows seems unable to talk to itself and I get the padlock and message on startup.

I am at work now so will try the other software when I get home. Thanks!

 

[MavMin]

SystemLook 30.07.11 by jpshortstuff
Log created at 15:53 on 13/02/2013
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc]
"PreshutdownTimeout"= 0x00000dbba0 (900000)
"DisplayName"="@gpapi.dll,-112"
"Group"="ProfSvc_Group"
"ImagePath"="%windir%\system32\svchost.exe -k GPSvcGroup"
"Description"="@gpapi.dll,-113"
"ObjectName"="LocalSystem"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000002 (2)
"Type"= 0x0000000010 (16)
"DependOnService"="RPCSS Mup"
"RequiredPrivileges"="SeImpersonatePrivilege SeTcbPrivilege SeTakeOwnershipPrivilege SeIncreaseQuotaPrivilege SeAssignPrimaryTokenPrivilege SeSecurityPrivilege SeChangeNotifyPrivilege SeCreatePermanentPrivilege SeShutdownPrivilege SeLoadDriverPrivilege SeRestorePrivilege SeBackupPrivilege"
"FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 c0 d4 01 00 01 00 00 00 e0 93 04 00 00 00 00 00 00 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc\Security]


-= EOF =-

 

[MavMin]

- <Event xmlns="Error">
- <System>
<Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />

<EventID Qualifiers="32768">6000</EventID>

<Version>0</Version>

<Level>3</Level>

<Task>0</Task>

<Opcode>0</Opcode>

<Keywords>0x80000000000000</Keywords>

<TimeCreated SystemTime="2013-02-13T21:56:31.000000000Z" />

<EventRecordID>20037</EventRecordID>

<Correlation />

<Execution ProcessID="0" ThreadID="0" />

<Channel>Application</Channel>

<Computer>PC</Computer>

<Security />

</System>


- <EventData>
<Data>GPClient</Data>

<Binary>D9060000</Binary>

</EventData>


</Event>

 

[MavMin]

- <Event xmlns="Error">
- <System>
<Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />

<EventID Qualifiers="32768">6003</EventID>

<Version>0</Version>

<Level>3</Level>

<Task>0</Task>

<Opcode>0</Opcode>

<Keywords>0x80000000000000</Keywords>

<TimeCreated SystemTime="2013-02-13T21:56:27.000000000Z" />

<EventRecordID>20030</EventRecordID>

<Correlation />

<Execution ProcessID="0" ThreadID="0" />

<Channel>Application</Channel>

<Computer>-PC</Computer>

<Security />

</System>


- <EventData>
<Data>GPClient</Data>

<Binary>D9060000</Binary>

</EventData>


</Event>

 

[MavMin]

- <Event xmlns="Error">
- <System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />

<EventID Qualifiers="49152">7001</EventID>

<Version>0</Version>

<Level>2</Level>

<Task>0</Task>

<Opcode>0</Opcode>

<Keywords>0x8080000000000000</Keywords>

<TimeCreated SystemTime="2013-02-13T21:56:24.372461500Z" />

<EventRecordID>76367</EventRecordID>

<Correlation />

<Execution ProcessID="720" ThreadID="724" />

<Channel>System</Channel>

<Computer>PC</Computer>

<Security />

</System>


- <EventData>
<Data Name="param1">Net.Tcp Listener Adapter</Data>

<Data Name="param2">Net.Tcp Port Sharing Service</Data>

<Data Name="param3">%%1058</Data>

</EventData>


</Event>

 

[MavMin]

- <Event xmlns="Error">
- <System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />

<EventID Qualifiers="49152">7000</EventID>

<Version>0</Version>

<Level>2</Level>

<Task>0</Task>

<Opcode>0</Opcode>

<Keywords>0x8080000000000000</Keywords>

<TimeCreated SystemTime="2013-02-13T21:56:23.352059500Z" />

<EventRecordID>76333</EventRecordID>

<Correlation />

<Execution ProcessID="720" ThreadID="724" />

<Channel>System</Channel>

<Computer>PC</Computer>

<Security />

</System>


- <EventData>
<Data Name="param1">Group Policy Client</Data>

<Data Name="param2">%%1053</Data>

</EventData>


</Event>

 

[MavMin]

I am guessing I am the point where I reimage and be done with it.

 

[cottonball]

Give the following a whirl...

Please download gpsvc.reg and save it to the Desktop:
http://download.bleepingcomputer.com/win-services/7/gpsvc.reg
Save to the Desktop for now. We will come back to it.

Now, press Windows key and the R key, on your keyboard, at the same time.
In the Run box, type: regedit
Press: OK

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc

Do so by clicking on the > to the left of:
HKEY_LOCAL_MACHINE
SYSTEM
CurrentControlSet
Services
Under Services, you will find: gpsvc

Right-Click gpsvc and select: Permissions
In the Permissions for gpsvc prompt, click: Advanced

In the Advanced Security Settings for gpsvc, select the Owner tab.
In the Change owner to area, select the entry starting with you user name.
Now, go to the bottom area, and place a check mark next to: Replace owner on subcontainers and objects
Click: Apply and OK.

Under Security type, while Everyone is selected, place a check mark in the box under: Allow (It is next to Full Control)
Click Apply, and OK.


Back to the Desktop...
Right-click on gpsvc.reg and select: Merge
A notice appears asking if you want to merge the information in the file into the Registry, click: Yes
Restart the computer.


Go to Start > All Programs > Accessories and look for the Command Prompt
Right-click the Command Prompt and select: Run as Administrator

At the blinking cursor of the Command Prompt, copy/paste each of the following lines inside the quote box, one at a time, and press Enter after each:

sc config Mup start= boot
sc start Mup
sc config gpsvc start= auto
sc start gpsvc
exit

Restart the computer.


Now, go back to System Look, and use the following once again (Post #39):

:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc

Press: Look

Please post the SystemLook.txt in your reply.


Also, check to see if you get the same "Windows could not connect to the Group Policy Client service", etc. error.

 

[MavMin]

SystemLook 30.07.11 by jpshortstuff
Log created at 22:23 on 13/02/2013
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc]
"PreshutdownTimeout"= 0x00000dbba0 (900000)
"DisplayName"="@gpapi.dll,-112"
"Group"="ProfSvc_Group"
"ImagePath"="%windir%\system32\svchost.exe -k GPSvcGroup"
"Description"="@gpapi.dll,-113"
"ObjectName"="LocalSystem"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000002 (2)
"Type"= 0x0000000010 (16)
"DependOnService"="RPCSS Mup"
"RequiredPrivileges"="SeImpersonatePrivilege SeTcbPrivilege SeTakeOwnershipPrivilege SeIncreaseQuotaPrivilege SeAssignPrimaryTokenPrivilege SeSecurityPrivilege SeChangeNotifyPrivilege SeCreatePermanentPrivilege SeShutdownPrivilege SeLoadDriverPrivilege SeRestorePrivilege SeBackupPrivilege"
"FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 c0 d4 01 00 01 00 00 00 e0 93 04 00 00 00 00 00 00 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc\Security]


-= EOF =-

 

[MavMin]

Message is GONE!!!! CMD scripts - First one was successful, second said it was already running so after that all failed, but the message is history! I am going to try and change users and see if it comes up. Also. I updated Spybot and it removed a WAJAM registry key.

 

[MavMin]

Yes!!! logged on to the other accounts and no GP message and this account is now a standard account and not an admin one and is logged on!!!!!! You folks are marvelous!!! You're worth your weight in gold!!!!!!!

 

[cottonball]

You done good, Old SSG!!!


Now, let's run ComboFix on that machine...

Please download ComboFix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

IMPORTANT!!! Save to your Desktop <<<

If using a notebook, make sure it is connected to wall-power (AC power), or a UPS system.


Disable any AntiVirus and AntiSpyware applications, since they may interfere with ComboFix.

Info on disabling protection programs:
Topic:
How to disable your security applications - Tech Support Forum
Topic:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - BleepingComputer.com

To run the program, right-click on ComboFix.exe and select: Run as Administrator
Click on Yes, to continue scanning for malware.
The scan make take a while, since it has some 50+ stages.

When finished, CF produces a report.

Please provide a copy of the C:\ComboFix.txt in your reply.
　
Notes:
1. Please do not mouse-click the ComboFix window while it is running. This action may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. CF disconnects your machine from the Internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

[larsahlstrom]

Beautiful! (message #48)
Thanks for that. Saved me probably days... I o u, cottonball!